CODEWITHSUNDEEP
phphttpgeturlencode
artur
artur

Reputation: 1

HTTP GET redirect not working

I have a page that receives data passed from a form. It doesnt properly redirect with all the variables passed. I think its because there are spaces in the data passed so the URL breaks at the space. I tried to do a urlencode but I couldnt get it to work properly. I am thinking I need to urlencode the variables been passed with spaces in them but I need your help.

Here's the code:

<?
$aff = $_GET['aff'] ;
$click_id = $_GET['click_id'] ;
$email = $_GET['from'];
$fname = $_GET['name_(awf_first)'];
$lname = $_GET['name_(awf_last)'];
$zipcode = $_GET['custom_zipcode'];
$address = $_GET['custom_address'];
$phone = $_GET['custom_phone_no'];
$state = $_GET['custom_state'];
$city = $_GET['custom_city'];
$subid = $_GET['meta_adtracking'] ;
$cblink = $_GET['cblink'];
$keyword = $_GET['keyword'] ;
$keyword = eregi_replace('[^a-z0-9 ]', '2', $keyword);
?>
<META HTTP-EQUIV="refresh" CONTENT=0;URL="http://mywebsite.com/page/?pID=sample&email=<?print $email?>&fname=<?print $fname?>&lname=<?print $lname?>&addr=<?print $address?>&city=<?print $city?>&state=<?print $state?>&zip=<?print $zipcode?>&hphone=<?print $phone?>&mphone=<?print $phone?>&country=US&pubSubID=<?print $subid?>&destURL=http://mywebsite.com/page/testpage.php?pubSubID=[pubSubID]&email=[email]">
<html>
<body>
</body></html>

Upvotes: 0

Views: 375

Answers (3)

Gumbo
Gumbo

Reputation: 655845

There are some issues that need to be addressed heres:

  1. Accessing indices of arrays whose existence is not verified: PHP throws an error if you try to read a variable that does not exist. You should use isset or array_key_exists (in case of an array) before reading that variable, e.g.:

     if (isset($_GET['aff'])) {
     $aff = $_GET['aff'];
 } else {
     $aff = null;
 }

You can also use the conditional operator ?: for a shorter variant of this:

    $aff = isset($_GET['aff']) ? $_GET['aff'] : null;

  1. You need to use proper encoding on the URL parameter values: either use urlencode to encode the value according to the application/x-www-form-urnelcoded content type or rawurlencode for the plain percent-encoding or – as you build the entire query – http_build_query:

     $query = array(
     'pID' => 'sample',
     'email' => isset($_GET['from']) ? $_GET['from'] : null,
     'fname' => isset($_GET['name_(awf_first)']) ? $_GET['name_(awf_first)'] : null,
     'lname' => isset($_GET['name_(awf_last)']) ? $_GET['name_(awf_last)'] : null,
     'addr' => isset($_GET['custom_address']) ? $_GET['custom_address'] : null,
     'city' => isset($_GET['custom_city']) ? $_GET['custom_city'] : null,
     'state' => isset($_GET['custom_state']) ? $_GET['custom_state'] : null,
     'zip' => isset($_GET['custom_zipcode']) ? $_GET['custom_zipcode'] : null,
     'hphone' => isset($_GET['custom_phone_no']) ? $_GET['custom_phone_no'] : null,
     'mphone' => isset($_GET['custom_phone_no']) ? $_GET['custom_phone_no'] : null,
     'country' => 'US',
     'pubSubID' => isset($_GET['meta_adtracking']) ? $_GET['meta_adtracking'] : null,
     'destURL' => 'http://mywebsite.com/page/testpage.php?pubSubID=[pubSubID]&email=[email]'
 );
 $query = http_build_query($query);

  2. You need to use proper encoding on the HTML attribute value; use htmlspecialchars:

     <META HTTP-EQUIV="refresh" CONTENT="<?php echo htmlspecialchars('0;URL=http://mywebsite.com/page/?'.$query); ?>">

Upvotes: 1

xkeshav
xkeshav

Reputation: 54084

use http_build_query

$data = array('foo'=>'bar',
              'baz'=>'boom',
              'cow'=>'milk',
              'php'=>'hypertext processor');

echo http_build_query($data) . "\n";
echo http_build_query($data, '', '&amp;');

?>
The above example will output:
foo=bar&baz=boom&cow=milk&php=hypertext+processor
foo=bar&amp;baz=boom&amp;cow=milk&amp;php=hypertext+processor

for your case

$get_data=$_GET;
echo http_build_query($get_data) . "\n";
echo http_build_query($get_data, '', '&amp;');

Upvotes: 1

alienhard
alienhard

Reputation: 14712

You need to URL-encode all values. In particular the URL that you pass as a value of the destURL param. You can convert the URL just once (e.g., try this online tool), since it seems to be static in your code:

...&destURL= http%3a%2f%2fmywebsite.com%2fpage%2ftestpage.php%3fpubSubID%3d%5bpubSubID%5d%26email%3d%5bemail%5d

Upvotes: 0

Related Questions